As cyber-attacks become increasingly advanced and persistent, and the traditional notion of a security perimeter has all but ceased to exist, organizations are having to rethink their cybersecurity strategies. New real-time security intelligence solutions are combining big data and advanced analytics to correlate security events across multiple data sources, providing early detection of suspicious activities, rich forensic analysis tools and highly automated remediation workflows.

The most important current IT trends (n=332)

Since big data technologies became more accessible, and not just for the largest enterprises, they have become one of the cornerstones of the digital transformation.

As more and more corporate assets become digitalized, companies from all industries are now increasingly reliant on big data analytics to store and analyze huge amounts of data, mining it for business intelligence, optimizing their business processes, improving relationships with customers and so on. With this in mind, it is hardly surprising that big data has been recognized as the single most important IT trend.

However, with great power comes great responsibility. Digital transformation not only enables a whole range of new business benefits, but it also exposes the company’s digital assets to new security risks.

Combined with the increasingly tight compliance regulations imposed on many industries, this makes all aspects of information security extremely important, which is why IT security comes in as the second most important IT trend.

Looking at the most important IT trends, our Big Data Security Analytics survey recently found that the combination of two key technologies – big data and information security analytics – has already been recognized as an important development by over half of the respondents.

Importance of big data security analytics for organizations (n=326)

Although the market for security analytics solutions is still very young, it is growing rapidly, and public awareness of its potential seems to be quite impressive, especially when projecting companies’ expectations into the future. Almost 90% of our survey participants feel certain that the technology will be playing a critical role in their corporate security infrastructures within a few years.

A look at the breakdown of the importance of big data security analytics across different industries reveals several interesting points. For example, above all industries, telcos view big data security analytics as most important to their business. This is actually not that surprising since telecommunications companies have to deal with huge and constantly growing amounts of digital assets, many of them classified as sensitive and tightly regulated, such as customers’ personally identifiable information, billing and other financial data.

Breakdown of importance of big data security analytics by industry (n=326)

Of notable interest is the high level of awareness in the public sector. This can be explained again by the need to deal with citizens’ personally identifiable information and the general requirement to follow guidelines issued by other government agencies like NIST in the United States.

Unfortunately, manufacturing companies lag significantly behind other sectors in recognizing the relevance of security analytics. This is a symptom of the manufacturing industry’s historical focus on human safety and production process continuity, with less regard to information security. A massive paradigm shift is required for information security to be taken more seriously, and we can only hope that this happens before any major problems arise from insufficient security.

Although the majority of respondents to our Big Data Security Analytics Survey are aware of the importance of security analytics to their information security and data protection, a closer look at the current state of implementation of the technology reveals a rather bleak view.

How would you assess the skills/competence in the field of (big data) security analytics in your organization compared to your main competitors? (n=293)

When asked to assess their competence in the field of big data security analytics compared to their main market competitors, the vast majority of respondents identified themselves as laggards, falling behind or matching the average skills level in their industry at best. Only 13% of participants thought their skills were much better than those of their competitors.

Of course, this could be attributed to the general skills gap plaguing the IT industry nowadays. Also, most smaller companies simply cannot afford to have a dedicated team of experts managing their security infrastructures. However, since the new-generation security solutions based on big data analytics were actually designed in answer to this skills shortage, this probably indicates that many companies still think of information security as a set of tools and perceive real-time security intelligence (RTSI) solutions as just another tool to be added to their IT infrastructure.

This, of course, could not be further from the truth – these solutions are designed to be more intelligent and highly automated and to speak the language of business, with user experiences, reports and other functional areas specifically designed for non-experts. It seems that vendors in this market should pay more attention to getting this message across to potential customers.

When looking at the percentage of respondents who have already deployed big data security analytics solutions or at least already have a strategy for them, the numbers indicate a very positive trend.

Organizations that have already implemented big data security analytics (n=292)

Although only 24% of participants already have solutions in place, over 50% are planning to deploy them in the future.

However, one of the key advantages of many real-time security intelligence products currently available on the market is their quick and easy deployment (either on-premises or completely in the cloud), with no need for a complicated initial setup and training process. Taking this into account, it is somewhat surprising that many companies do not consider them obvious quick wins that could address their most critical security challenges. Vendor marketing departments should take a hint here.

It is also somewhat surprising to see that nearly a quarter of participants do not consider security analytics to be a necessary component of their security strategies. Unfortunately, many of these companies are going to learn the hard way how dangerous this assumption can be.

Since the notion of a corporate security perimeter has all but disappeared in recent years thanks to the growing adoption of cloud and mobile services, information security has experienced a profound paradigm shift from traditional perimeter protection tools towards monitoring and detecting malicious activities within corporate networks.

Increasingly sophisticated attack methods used by cyber-criminals and the growing role of malicious insiders in recent large-scale security breaches clearly indicate that traditional approaches to information security can no longer keep up.

When asked to assess the current situation of their company in the area of digital security threats in our Big Data Security Analytics Survey, over 60% of participants indicated that digital security threats are a part of their daily business rather than an exceptional event. In fact, just 6% reported that their companies do not face any security threats at all.

Current situation regarding digital security threats (n=306)

However, when we consider the results of various global security studies, which indicate that most security breaches take months to detect and companies often learn they have been hacked from third parties or even from the press, it should become obvious that this assumption can be extremely dangerous and in most cases it is based simply on a lack of awareness of malicious activities that may already be taking place in company networks.

Since this is one of the primary challenges that security analytics solutions aim to solve, companies should consider running a small pilot project or, at the very least, take advantage of the free security evaluation tools offered by many vendors. The results of even a single security check may be a startling revelation to many companies, especially smaller ones.

Digital security threats are a part of companies’ daily business. Another important finding is how companies have estimated the change in the number of security threats within the last year.

Over 60% said they have seen an increased number of attacks, which correlates with publicly available data breach statistics. However, a significant number of companies have noticed no change, and around 5% of respondents even reported a decrease in security threats.

Perceived change in the number of security threats over the last 12 months (n=332)

Of course, this may be true for a number of the best-in-class companies who have implemented better threat detection solutions. However, for others it may simply be another indication that they lack the required level of visibility into their own networks, or a result of the increased sophistication of modern advanced cyber-attacks.

When these numbers are broken down by industry, a few interesting results can be observed. First of all, it is the manufacturing companies that report the biggest increase in security attacks on their infrastructures. Combined with their traditionally weak defenses against cyber-attacks, this may indicate increasing chances of an industrial disaster caused by hackers turned cyber-terrorists. However, the very fact that companies are increasingly aware of these prospects may offer hope that they will finally start adopting more consistent information security strategies, thus breaking the decades-long dependence on “security by obscurity”.

Perceived change in the number of security threats by industry (n=303)

Somewhat disturbingly, retail and services organizations were among those least concerned about the growing number of security threats. Considering the large number of recent high-profile data breaches of large retailers and online services, this indicates that some companies are still willing to learn exclusively from their own mistakes.

Looking at the key sources of increased awareness of cyber-threats and risks, our research reveals that the press and other media are playing a key role in informing the public about the consequences of high-profile security breaches. Although some may be becoming somewhat desensitized to the increasing frequency of such media stories, continued losses from such breaches combined with tightened government regulations are helping to drive the point home.

Main drivers of increased awareness of cyber-threats and risks (n=186)

A good indication of a mature security ecosystem is that many companies rely on internal threat analyses and information exchange with their peers to obtain more information about current security challenges. Unfortunately, a substantial number of survey respondents only take measures to increase their cybersecurity awareness after suffering an attack. For 19%, warnings coming from third parties are the main driver.

Customer data leaks are at the top of the list when it comes to the cyber-threats companies fear the most. Following a number of well-publicized large-scale breaches involving hundreds of millions of stolen records, and considering the heavy regulatory fines that can be imposed, this is not surprising at all.

Most feared types of cyber-threats (n=325)

The second most feared type of attack is losing or otherwise compromising a company’s “crown jewels” – its intellectual property in digital form. Again, no surprises here – for many companies, such an attack would lead to heavy financial and reputational losses.

Among the cyber-threats that have only recently become more relevant are attacks on manufacturing environments (which may cause massive damage and loss of life), hacking of connected devices (further complicated by their notorious lack of basic security features) and ransomware attacks, which are especially dangerous for smaller companies, where losing access to business data effectively brings the whole organization to a grinding halt.

Part II of this article will highlight the benefits big data security analytics is bringing to companies and which technologies are currently driving the field.